chmod 777? Does it mean that everyone from the web can write to that folder?

Click to expand...

Yes, but if you need php to write to it then you have no choice though your host should have protection in place to prevent other users on the server from accessing those folders via php such as php open base directory protection. The only way those folder can be written to otherwise is if someone finds/uploads an exploit to your server so you should practice good web security.

My logic is almost BSOD'ed
How's that - scripts are mine. The guy who uploaded them is me. But their rights like not mine.
Is there any solutions other than chmod 777

Click to expand...

Not unless php is run under phpsuexec! Basically, you own the file but php is a different user to you, the user "nobody". If php was you then every user on the server would require their own copy of php! If php open base directory protection is in place then you have nothing to worry about and anyway, why are you so paranoid :D

PHPSUEXEC is a module for Apache which can be used to run PHP as a CGI under
the User of the web site owner. If it is not set up completely, it will
require that the #! be included at the front of the php code in order to
invoke PHP as the CGI.

Originally Posted by XaHyMaH
chmod 777? Does it mean that everyone from the web can write to that folder?

Yes, but if you need php to write to it then you have no choice though your host should have protection in place to prevent other users on the server from accessing those folders via php such as php open base directory protection. The only way those folder can be written to otherwise is if someone finds/uploads an exploit to your server so you should practice good web security.

Click to expand...

What exactly does it mean that everyone to the web can write to the folder? Anyone visiting a website with a file writable to anyone can just enter a url and write to it? This always confused me. That writable file by itself is not a security hole, there has to be another hole first, correct?

"Everyone on the web can write to that folder"
bullshit is all i have to say. 'everyone' on the server could however if its a cpanel server that is gonna be impossible due to restrictions. Chmod 777 basically means users such as apache, php etc can write to.

Quit worrying! Unless as dwh2 said there is a security hole in a file there are no other known security holes for this.

I prefer suPHP over PHPSuExec. Of course, I never really played with PHPSuExec that much, but I couldn't figure out how to enable it and disable it for certain accounts. This is something you can do with suPHP.